Move things around so hpn applies cleanly when using X509. Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch Signed-off-by: Robin H. Johnson diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in --- openssh-5.1p1+x509/Makefile.in 2008-08-23 14:12:53.000000000 -0700 +++ openssh-5.1p1+x509-hpn-glue/Makefile.in 2008-08-23 14:13:51.000000000 -0700 @@ -44,11 +44,12 @@ CC=@CC@ LD=@LD@ CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ +CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ +CPPFLAGS += @LDAP_CPPFLAGS@ AR=@AR@ AWK=@AWK@ RANLIB=@RANLIB@ diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c --- openssh-5.1p1+x509/servconf.c 2008-08-23 14:12:53.000000000 -0700 +++ openssh-5.1p1+x509-hpn-glue/servconf.c 2008-08-23 14:23:56.000000000 -0700 @@ -108,6 +108,17 @@ options->log_level = SYSLOG_LEVEL_NOT_SET; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; + ssh_x509flags_initialize(&options->x509flags, 1); +#ifndef SSH_X509STORE_DISABLED + ssh_x509store_initialize(&options->ca); +#endif /*ndef SSH_X509STORE_DISABLED*/ +#ifdef SSH_OCSP_ENABLED + options->va.type = -1; + options->va.certificate_file = NULL; + options->va.responder_url = NULL; +#endif /*def SSH_OCSP_ENABLED*/ options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; @@ -151,18 +162,6 @@ options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; - ssh_x509flags_initialize(&options->x509flags, 1); -#ifndef SSH_X509STORE_DISABLED - ssh_x509store_initialize(&options->ca); -#endif /*ndef SSH_X509STORE_DISABLED*/ -#ifdef SSH_OCSP_ENABLED - options->va.type = -1; - options->va.certificate_file = NULL; - options->va.responder_url = NULL; -#endif /*def SSH_OCSP_ENABLED*/ } void @@ -338,6 +337,16 @@ /* Portable-specific options */ sUsePAM, /* Standard Options */ + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, + sAllowedClientCertPurpose, + sKeyAllowSelfIssued, sMandatoryCRL, + sCACertificateFile, sCACertificatePath, + sCARevocationFile, sCARevocationPath, + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, @@ -360,16 +369,6 @@ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, - sAllowedClientCertPurpose, - sKeyAllowSelfIssued, sMandatoryCRL, - sCACertificateFile, sCACertificatePath, - sCARevocationFile, sCARevocationPath, - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, sDeprecated, sUnsupported } ServerOpCodes;